Cybercriminals Exploit Tax Season With New Phishing Tactics
Tax-season phishing floods deliver RMM malware, credential theft, BEC and tax-form scams
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
Tax-season phishing floods deliver RMM malware, credential theft, BEC and tax-form scams
Sophisticated Voice Phishing Campaigns Don't Exploit Any Software VulnerabilitiesAmidst persistent voice phishing campaigns designed to trick employees and steal sensitive corporate data, security experts recommend organizations deploy phishing-resistant multifactor authentication, monitor for attacks and use "live video verification" to safeguard authentication changes.
Phishing attacks have been identified using fake PayPal alerts to exploit remote monitoring and management tools
Cybersecurity researchers issue warning over a surge in attacks designed to trick Facebook users into handing over login credentials
Think your Wi-Fi is safe? Your coding tools? Or even your favorite financial apps? This week proves again how hackers, companies, and governments are all locked in a nonstop race to outsmart each other
Cybersecurity researchers have shed light on a cybercriminal group called Jingle Thief that has been observed targeting cloud environments associated with organizations in the retail and consumer services sectors for gift card fraud
A threat actor has been abusing link wrapping services from reputed technology companies to mask malicious links leading to Microsoft 365 phishing pages that collect login credentials. [...]
Also: CoinMarketCap Attack, BitPro Blames Lazarus for $11M HackThis week, a new malware targeted crypto wallets via photos, CoinMarketCap faced attack, BitoPro blamed Lazarus for heist, Trezor warned of phishing scam, France saw another crypto kidnapping, cops re-arrested teen after second theft, Hacken blamed human error for exploit and Self Chain ousted CEO.
Phishing attacks remain a huge challenge for organizations in 2025. In fact, with attackers increasingly leveraging identity-based techniques over software exploits, phishing arguably poses a bigger threat than ever before. Attackers are increasingly leveraging identity-based techniques over software exploits, with phishing and stolen credentials (a byproduct of phishing) now the primary
In what has been described as an "extremely sophisticated phishing attack," threat actors have leveraged an uncommon approach that allowed bogus emails to be sent via Google's infrastructure and redirect message recipients to fraudulent sites that harvest their credentials
Welcome to this week’s Cybersecurity News Recap. Discover how cyber attackers are using clever tricks like fake codes and sneaky emails to gain access to sensitive data. We cover everything from device code phishing to cloud exploits, breaking down the technical details into simple, easy-to-follow insights
Cybersecurity researchers have disclosed a new phishing campaign that has targeted European companies with an aim to harvest account credentials and take control of the victims' Microsoft Azure cloud infrastructure
A new phishing campaign is targeting e-commerce shoppers in Europe and the United States with bogus pages that mimic legitimate brands with the goal of stealing their personal information ahead of the Black Friday shopping season
A newly patched security flaw impacting Windows NT LAN Manager (NTLM) was exploited as a zero-day by a suspected Russia-linked actor as part of cyber attacks targeting Ukraine
Unknown threat actors have been observed attempting to exploit a now-patched security flaw in the open-source Roundcube webmail software as part of a phishing attack designed to steal user credentials
Cybersecurity researchers have warned of ongoing phishing campaigns that abuse refresh entries in HTTP headers to deliver spoofed email login pages that are designed to harvest users' credentials
Cybersecurity researchers are calling attention to a new QR code phishing (aka quishing) campaign that leverages Microsoft Sway infrastructure to host fake pages, once again highlighting the abuse of legitimate cloud offerings for malicious purposes
Hackers Could Exploit Bug to Manipulate Slack AI's LLM to Steal DataChat app Slack patched a vulnerability in its artificial intelligence tool set that hackers could have exploited to manipulate an underlying large language model to phish employees and steal sensitive data. Slack said it was a low-severity bug.
The LOTS attack uses trusted sites like Google Drawings and WhatsApp to trick users into sharing data
Cyberattackers could exploit CVE-2023-20238 to carry out a variety of nefarious deeds, from data theft and code execution to phishing, fraud, and DoS.